Towards signed television

When you tune in to a programme, you want to know that it is the programme the creators intended you to see. Television, like so many things in public life, is still a trust thing.

I believe in our broadcasters, whatever the rumblings last year around a few cases of misbehaviour. But being able to trust what we're watching goes well beyond production.

We receive our programming by more routes today than ever before. Moreover, some of those routes can't necessarily be trusted.

With a little mathematics and a little programming, we could be sure that the recording we borrow from a friend, fetch from an archive, or record from a cable company, really is the genuine article.

We can reinforce trust in what we're watching, however it happened to arrive. Signed television could enable distribution that embraces, rather than fights, the ability of modern technology to make fast, perfect digital copies. Swarm technologies make it easy – and cheap – to send the same digital file to lots of people, especially if it is at all popular. Broadcasters could release material more widely, knowing that it would be seen in the proper context. They would save themselves the headaches of using a DRM-speedbump that has never kept a piece of content off the pirate networks, but that does prevent a significant number of viewers from using legitimate sources.

I have a design for a fairly simple scheme for cryptographically signed television, be it downloaded or streamed. I plan to post that very soon, but first I'd like to run through a few ways this could make television distribution online more potent, for viewers and producers alike.

Viewers may reasonably want to know, when they are handed a recording of a show (by a friend, their cable operator, a Web site or over the air) that the recording hasn't been tampered with along the way.

With traditional broadcast television, there wasn't much concern about nefarious interlopers. The chance that someone wants to clamber on your roof and fiddle with your antenna is pretty remote. Online there are some more concerns. How do you know when you visit a particular Web site that you are where you think you are? There are perfectly good technologies to assure you, but also plenty of difficulties educating users about what the various error messages mean. Those problems are amplified when the computer lives underneath or within their television, and the viewer talks to it with a simple remote control.

There are some difficult problems here. Some are technical:

how do we sign streams effectively, especially when people join during a programme?

what do we do with copies that have small bit-errors in?

The harder ones are social, including:

how do we make sure the system makes sense to non-technical users?

whose signatures should the system recognise?

how do we distribute and update the keys sensibly (principally a social problem)?

We must ensure no user ever recieves a message that says something nerdily incomprehensible like "this piece of content has been signed by an unknown party, there is no certificate chain to a trusted certifying authority".

Goals

I expect a decent television-signing scheme to:

allow a random recording, as a file on someone's computer / set-top box / clever-television / mobile device, to be checked for authenticity against a known producer or broadcaster

allow a recording or live stream to be checked while it is being played back, and indicate to the user when it has been corrupted, in straightforward terms

enable owners of shows to distribute their content as broadly as possible, together with an assurance that this is the programme they made

These goals should all be good for producers and viewers alike. Viewers can be more sure they are not being duped. Producers can be sure the whole package they produce remains intact.

For content-owners and distributors who care to embrace it, this could allow a very different form of distribution than we are seeing right now. For relatively little cost, a content-owner could bake a version of their programme with short adverts or other promotions in for distribution online. They could sign that whole package, and set a licence that it may be freely copied, non-commercially.

Now, most of the difficult problems with online distribution are eased. You don't have such difficult performance problems, because you are trying to get exactly the same bag of bits to many people. You can embrace the most compelling feature of modern, networked computers: they can copy digital things quickly and precisely. That makes this an ideal candidate for distributing with a swarm protocol like BitTorrent. More copies, with the ads in, mean more eyeballs receiving your advertisements. For a public service broadcaster, there may be no advertisements, but success would be measured in reaching a larger, broader audience.

Make the online copy as high quality as any on broadcast television and you can displace the copies recorded off-air and then seeded online. This is one way that you could compete on quality with the pirate copies.

That kind of distribution may never be the mainstream, but for a suitably enlightened distributor it could be very compelling. They would have lower hosting costs: it would suffice to run a few seeds to ensure the content remains available. Most of the copies would pass between viewers. This also means that people can really recommend a show, including a trustworthy recording directly in their message. Again, that's more copies, more eyeballs, and more ways to generate interest.

If we educate users to expect the warm, fuzzy glow from their video player that this has been signed by a particular trusted source, then producers and broadcasters have a valuable role in 'blessing' the content.

Of course, anyone could sign these things. Just the same things apply to the ad-hoc distribution channels. A particular capping group could sign their releases to say they really grabbed them from the HD DVB-S signal, and encoded it how they say. This is particularly relevant in those circles given last year's flurry of torrents which pretended to be made by aXXo, a particularly prolific DVD ripper.

Trusted distributors can re-assert their role in declaring which content they think is worth watching, and give it a (cryptographically-sound) seal of approval. They can request kindly that consumers and distributors not clip the ads out, and end consumers can trust any chain of distribution, even if it passed through all sorts of filthy mitts. Assuming that the producer makes a dime when people respond to the promotions, it might be enough to just let the content out, and measure those responses.

I'm pretty convinced if you make the highest quality version available this way, with no digital handcuffs, just binary pixie dust adding the trust back in, then we can all have a more pleasant media-viewing experience. That's good for me, as I'd like to get back to trying to invent cool ways to use this kit, rather than endless arguments over technology whose sole effect is to bugger up the user's enjoyment.

In the very near future, I'll post a detailed scheme of how we can do this by gluing some existing technologies together.